1. Field of the Invention
The present invention relates to an image forming apparatus, a control method therefor, and a storage medium storing a control program therefor. Particularly, the present invention relates to an information-security-policy technique among apparatuses in a network environment.
2. Description of the Related Art
A personal computer (PC) and a server machine (a file server, an authentication server, etc.) that are connected to a network in an office are desirable to be operated according to an information security policy established for every office. The information security policy is a basic policy about information security of the whole company, and is decided by summarizing courses for controlling information use and for preventing an intrusion and an information leak.
There are peripherals, such as a multifunctional peripheral device and a printer, as apparatus connected to an office network in addition to a PC and a server machine. A multifunctional peripheral device in recent years does not only print and send an image simply, but also stores image data and gives a file service function to a PC, and it plays the same role as another server machine on a network.
In order to maintain safe and secure office environment, a multifunctional peripheral device also needs to comply with the information security policy like a PC and a server machine. The compliance with the information security policy here means to put a security restriction on operations in order to prevent an unauthorized use of the multifunctional peripheral device in an office and information leak therefrom. For example, the multifunctional peripheral device obligatorily requires user authentication before an operation or encryption of a communication path.
In order to comply with the information security policy, a PC or a server machine employs a method of distributing setting values that depend on an OS. For example, the setting values depending on the OS about encryption of a communication path, such as “non-SSL connection is permitted”, are managed so that a PC of any vender uniformly complies with the information security policy.
On the other hand, since items settable to multifunctional peripheral devices differ from vender to vender, an administrator must set the multifunctional peripheral devices so as to comply with the information security policy one by one based on the understanding of many operation settings (referred to as “user modes”, hereafter) for the respective multifunctional peripheral devices. For example, the setting value of the user mode about the encryption of a communication path is “to use SSL” in a multifunctional peripheral device of an A-company, but is “to encrypt HTTP communication” in a multifunctional peripheral device of a B-company. Accordingly, since the administrator cannot make multifunctional peripheral devices uniformly comply with the information security policy by distributing setting values, unlike a PC and a server machine, the administrator expends much effort. Moreover, an incorrect setting actually allows operations that do not comply with the information security policy, which may threaten office security.
Development environments and API (application programming interface) for some models of recent multifunctional peripheral devices are exhibited. This enables what is called third-party vendors other than the vendors that design and produce the multifunctional peripheral devices to add a function that operates inside a multifunctional peripheral device as an extended application. For example, even when the mechanisms of user authentication differ from client to client, a third-party vendor can generate and supply an extended application corresponding to a client's request, which enables to respond to a detailed need of every client. Some of such extended applications have setting values about security, and therefore, operations in compliance with the information security policy are desired.
Accordingly, a system that generates and distributes user modes of multifunctional peripheral devices when an administrator inputs according to an information security policy is proposed (for example, see Japanese Laid-Open Patent Publication (Kokai) No. 2008-219419 (JP 2008-219419A)). In this system, the administrator answers to questions displayed on a setting screen of a PC according to the information security policy. When receiving the answer, the PC generates a setting value (referred to as “security policy data”, hereafter) that does not depend on a multifunctional peripheral device based on the answer, and converts the generated security policy data into a user mode depending on the multifunctional peripheral device of a distribution destination. Then, the administrator can achieve the state in compliance with the information security policy by distributing the user mode to the respective multifunctional peripheral devices from the PC without having knowledge about the multifunctional peripheral devices, even if the user modes of the multifunctional peripheral devices differ.
Moreover, a mechanism that an information-security-policy change is notified by an OS of a personal computer to reflect a policy to an extended application is proposed (for example, see Japanese Patent No. 4676744). According to this mechanism, a module that manages the information security policy distributes the information security policy to each security engine (for example, a firewall and virus detection software) when receiving the information security policy. A security engine collects information from other security engines using an API (Application Program Interface) in the state where the information security policy has been distributed. Each security engine decides an operation based on setting states of other security engines.
In contrast to the above-mentioned prior art, a system that can change a user mode while maintaining a state in compliance with an information security policy may be desirable. For example, the multifunctional peripheral device shall support options “to use SSL” and “to use IPSEC” in the information security policy that obligatorily requires encryption of a communication path, and the state in compliance with the information security policy shall be achieved when enabling one of the options.
In a conventional system, when the setting value that enables the option “to use SSL” is distributed, a user cannot enable the option “to uses IPSEC” personally even if wanted. When the user wants to enable the option “to uses IPSEC”, the user must request re-distribution of the user mode in compliance with the information security policy from an administrator, which loses convenience.
Moreover, the conventional system does not provide a mechanism that gives the system explicit instructions (for example, session disconnection, logout of the user concerned, system reboot, etc.) after distributing information security policies to extended applications. Accordingly, the conventional system always requires system reboot after distribution. For example, although the system reboot of a general PC only affects on a user who uses the PC concerned, the system reboot of a multifunctional peripheral device causes device unavailable time (what is called downtime) that affects on a plurality of users, because the multifunctional peripheral device is shared by the users and processes a plurality of jobs simultaneously. Also in order to minimize such downtime, there is a demand to avoid the system reboot as possible.